Password Management & Two-Factor Authentication
Today's Objectives
1 Master Secure Password Practices
Learn how to create and manage strong, unique passwords that protect your digital identity across multiple platforms and services.
2 Implement Multi-Factor Authentication
Understand how to set up and effectively use two-factor authentication to add an essential layer of security beyond passwords alone.
By the end of this session, you'll have practical skills to significantly enhance your personal cybersecurity posture and protect your valuable information from
increasingly sophisticated threats.
The Critical Role of Passwords in Security
Passwords serve as the primary gatekeepers to our digital lives, protecting:
• Personal information and communications
• Financial accounts and transactions
• Professional data and work systems
• Private photos, documents, and memories
Despite advances in security technology, passwords remain the most common
authentication method worldwide, with the average person managing 70-100
passwords across various accounts.
The challenge: Creating and remembering strong, unique passwords for
dozens of accounts without resorting to unsafe practices.
Characteristics of Strong Passwords
Length
Minimum 12 characters. Each additional character exponentially increases security.
Complexity
Mix of uppercase, lowercase, numbers and symbols. Avoid predictable substitutions (0 for O, $ for S).
Uniqueness
Different password for each account. Never reuse passwords across multiple sites.
Randomness
Avoid dictionary words, personal information, or common phrases that can be easily guessed.
"A password should be like a toothbrush. Use it every day, change it regularly, and never share it with anyone."
The Passphrase Approach
What is a passphrase?
A sequence of random words or a memorable sentence that creates a long,
strong password that's easier to remember than a complex string of
characters.
Examples:
• correct-horse-battery-staple
• The!Quick$Brown2Fox^Jumped
• sunnyDAY-27-strawberry-PIANO
Activity: Create your own strong passphrase and test it on a
password strength checker like [Link].
Password Cracking Demonstration
How Fast Can Your Password Be Cracked?
Password Example             | Time to Crack | Method
password123                  | Instantly     | Dictionary attack
Summer2023!                  | 3 hours       | Rule-based attack
Tr0ub4dor&3                  | 3 days        | Hybrid attack
kfj$L09q!xPr2Z               | 2 years       | Brute force
correct-horse-battery-staple | 550 years     | Brute force
Modern password cracking tools can attempt millions of combinations per second. What used to take years can now be accomplished in minutes or hours with
specialized hardware.
Password Management Tools
Benefits
• Generate truly random, complex passwords
• Store all credentials securely in one place
• Auto-fill login forms
• Sync across multiple devices
• Audit for weak or reused passwords
Popular Options
• Bitwarden (Free, open-source)
• LastPass (Freemium)
• 1Password (Paid, family plans)
• KeePassXC (Free, offline)
• Browser built-in managers (Chrome, Firefox)
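The audit for weak or reused passwords listed under Benefits can be sketched as below. This is an added example, not code from any of the tools named; the word list, substitution map and sample vault are constructed for illustration, and the 12-character minimum is the one given on this page.

```python
from collections import defaultdict

MIN_LENGTH = 12  # minimum length recommended on this page
# Constructed stand-in for a real common-password word list.
COMMON_WORDS = {"password", "summer", "troubador", "welcome", "qwerty"}
# Predictable substitutions that cracking rules undo before a dictionary lookup.
UNLEET = str.maketrans("01345$@", "oleassa")

# Constructed sample vault: account name -> password.
SAMPLE_VAULT = {
    "email": "Summer2023!",
    "bank": "Summer2023!",
    "forum": "password123",
    "wiki": "Tr0ub4dor&3",
    "cloud": "correct-horse-battery-staple",
}


def dictionary_hit(password):
    """Return the common word the password is built on, or None.

    Heuristic (an assumption of this sketch): the word must appear after
    substitutions are undone and make up at least half of the password.
    """
    plain = password.lower().translate(UNLEET)
    for word in sorted(COMMON_WORDS):
        if word in plain and 2 * len(word) >= len(password):
            return word
    return None


def audit(vault):
    """Return {account: [findings]} for accounts with at least one problem."""
    findings = defaultdict(list)
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
        if len(password) < MIN_LENGTH:
            findings[account].append("short")
        word = dictionary_hit(password)
        if word:
            findings[account].append("dictionary:" + word)
    for accounts in accounts_by_password.values():
        for account in accounts:
            others = sorted(a for a in accounts if a != account)
            if others:
                findings[account].append("reused:" + ",".join(others))
    return dict(findings)


if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT).items():
        print(account, problems)
```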
Avoiding Common Password Mistakes
Password Reuse
Using the same password across multiple accounts means a breach on one site compromises all your accounts. 65% of people reuse passwords across multiple sites.
Physical Recording
Writing passwords on sticky notes, notebooks, or unencrypted files creates physical security vulnerabilities that bypass all digital protections.
Personal Information
Using birthdays, pet names, or other personal details makes passwords easily guessable through basic research or social media stalking.
Never share your passwords - legitimate organizations will never ask for your full password over phone, email or text. Sharing credentials with others,
even trusted friends, dramatically increases risk.
What is Two-Factor Authentication (2FA)?
Two-factor authentication adds a second verification step beyond your
password, requiring:
Something you know
Your password or PIN
PLUS one of these:
Something you have - Phone, security key, token
Something you are - Fingerprint, face, voice
This second factor prevents account access even if your password is
compromised, dramatically improving account security.
Types of Two-Factor Authentication
SMS Text Messages
How it works: A temporary code is sent via text message
Security level: Basic (vulnerable to SIM swapping)
Convenience: High
Authenticator Apps
How it works: Time-based codes generated on your device
Security level: Strong
Examples: Google Authenticator, Microsoft Authenticator, Authy
Security Keys
How it works: Physical USB or NFC devices that must be present
Security level: Very Strong
Examples: YubiKey, Google Titan
Biometrics
How it works: Fingerprint, face, or voice recognition
Security level: Strong (but can have privacy implications)
Examples: Touch ID, Face ID, Windows Hello
Enabling 2FA - Step by Step Demo
Setting up 2FA on Google:
1. Go to Google Account → Security
2. Find 2-Step Verification and click Get Started
3. Verify your phone number for backup
4. Choose your preferred 2FA method:
• Google Authenticator app (recommended)
• SMS text messages
• Security key
5. Test the verification process
6. Save your backup codes in a secure location
Important: Always set up recovery options! If you lose your second factor device, backup codes or recovery email/phone will be your only way back into your account.
Similar processes exist for Instagram, Facebook, Twitter, banking sites, and most major online services. Always enable 2FA on financial accounts and email first.
Benefits and Limitations of 2FA
Benefits
• Blocks 99.9% of automated attacks
• Prevents access even if password is compromised
• Alerts you to unauthorized access attempts
• Easy to implement on most major platforms
• Often satisfies compliance requirements
Limitations
• Not 100% foolproof (vulnerable to phishing)
• Added step in login process
• Requires managing backup codes
• Can be frustrating if you lose your device
• SMS verification vulnerable to SIM swapping
The verdict: Despite minor inconveniences, the security benefits of 2FA far outweigh the drawbacks. It's among the most effective security measures
available to the average user.
Real-Life Impact: How 2FA Saved These Accounts
"I received a 2FA prompt on my phone when I wasn't trying to log in. Someone had my password but couldn't get past the second factor. I immediately changed my password and secured my account."
— Marketing executive whose email was targeted in a business phishing attack
"Hackers compromised thousands of accounts on our platform, but none of the users with 2FA enabled were affected. It was the difference between a major breach and a minor incident."
— Security engineer at a major social media company
"My Instagram was worth over $10,000 in partnerships. When someone tried to take it over, 2FA stopped them cold and saved my business."
— Professional influencer with 250,000 followers
In each case, passwords alone would have failed to protect these accounts. The second authentication factor was the critical defense that prevented unauthorized
access.
Securing Your Digital Life: Next Steps
Today:
• Choose a password manager and set it up
• Create a strong master password/passphrase
• Enable 2FA on your email and financial accounts
• Store backup codes in a secure location
This week:
• Audit and update passwords for critical accounts
• Enable 2FA on social media and other platforms
• Remove any written passwords from your desk/workspace
Remember: Your security is only as strong as your weakest link. A single vulnerable account can compromise your entire digital identity.